package com.zhao.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.zhao.pojo.Menu;
import com.zhao.service.MenuService;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

@Configuration
public class ShiroConfig {
    @Autowired
    MenuService menuService;

    //3.ShiroFilterFactoryBean
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager")DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        //设置安全管理器
        bean.setSecurityManager(defaultWebSecurityManager);

        //添加shiro的内置过滤器
        /*
            anon:无需认证就可以访问
            authc: 必须认证了才能访问
            user:必须拥有 记住我 功能才能用
            perms:拥有对某个资源的权限才能访问
            role:拥有某个角色权限才能访问
        */
        //拦截
        Map<String,String> filterMap = new LinkedHashMap<>();
        //获取页面的权限名称并设置
        List<Menu> list = menuService.list(null);
        //filterMap.put("/upload/userimg/2021/8/*","anon");
        //error 直接访问
        filterMap.put("/error/*","anon");
        //前台部分 直接访问
        filterMap.put("/show/*","anon");
        //后台管理 需要登录authc
        filterMap.put("/user/*","authc");
        filterMap.put("/admin/*","anon");

        filterMap.put("/loginCenter/*","anon");//登录中心：登录、注册、找回密码、验证信息、邮件验证码发送、
        for (Menu menu: list) {
            if (!menu.getAddress().equals("#")){
                filterMap.put(menu.getAddress(),"perms["+menu.getPerms()+"]");
            }
        }
       /* filterMap.put("/article/add_article","perms[user:add_article]");
        filterMap.put("/file/add_file","perms[user:add_file]");*/
        bean.setFilterChainDefinitionMap(filterMap);
        //设置登录的请求
        bean.setLoginUrl("/loginCenter/toLogin");
        //未经授权页面
        bean.setUnauthorizedUrl("/loginCenter/noAuth");
        return bean;
    }
    //2.DafaultWebSecurityManager
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //关联UserRealm
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    //1.创建realm对象 需要自定义
    @Bean
    public UserRealm userRealm(@Qualifier("matcher") HashedCredentialsMatcher matcher){
        UserRealm userRealm = new UserRealm();
        userRealm.setAuthorizationCachingEnabled(false);
        userRealm.setCredentialsMatcher(matcher);
        return userRealm;
    }

    //整合ShiroDialect：用来整合 shiro thymeleaf
    @Bean
    public ShiroDialect getShiroDialect(){
        return new ShiroDialect();
    }
    /**
     * 密码匹配凭证管理器
     *
     * @return
     */
    @Bean(name = "matcher")
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        // 采用MD5方式加密
        hashedCredentialsMatcher.setHashAlgorithmName("MD5");
        // 设置加密次数
        hashedCredentialsMatcher.setHashIterations(1024);
        hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true);
        return hashedCredentialsMatcher;
    }

}
